From 5f0b5bdfb17a5e3a31f0c41953a45491e4a26fca Mon Sep 17 00:00:00 2001
From: Robin <robin@robin.town>
Date: Tue, 14 May 2024 14:01:27 -0400
Subject: [PATCH] Fetch avatars without CORS

By omitting the crossOrigin attribute, we change avatars to use a non-CORS request to fetch the image. This allows avatars to load even on null origins (fixing https://github.com/element-hq/element-web/issues/26491), but also prevents us from inspecting the image data in JavaScript, for example by using it in a canvas. We weren't doing that of course, so switching to the locked-down non-CORS mode should have no consequences.
---
 src/components/Avatar/Avatar.tsx | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/components/Avatar/Avatar.tsx b/src/components/Avatar/Avatar.tsx
index 4db51ecd..ef42cb09 100644
--- a/src/components/Avatar/Avatar.tsx
+++ b/src/components/Avatar/Avatar.tsx
@@ -121,7 +121,6 @@ export const Avatar = forwardRef<
           loading="lazy"
           alt=""
           src={src}
-          crossOrigin="anonymous"
           referrerPolicy="no-referrer"
           className={classnames(styles.image)}
           data-type={type}